Blog of Random Thoughts and Pictures

Protection and Trust in Financial Infrastructures

September 24th, 2010


Not one of our first projects to start in the FP7 programme, but our first project to finish. PARSIFAL was a coordination action, funded by the European Research Programme for Critical Infrastructure Protection. Its objective was to define how to better protect Critical Financial Infrastructures (CFI) in Europe.
There was a limited set of partners on the project: ATOS Origin Sae, Spain (coordinators); ACRIS GmbH, Switzerland; @bc – Arendt Business Consulting, Germany; Avoco Secure Ltd, UK; EDGE International BV, Netherlands; and of course ourselves from the TSSG.
The key achievement of the project was to strengthen engagement between the European Commission and the Financial Services Industry in terms of trust, security and dependability. Financial Services are seen as a critical ICT infrastructure, and so the purpose of this project was to provide direction for future research programmes, helping to align research in this area to the needs of the Financial Services Industry.
Parsifal has produced a whitepaper to highlight its achievements [pdf].
There is also a document which gives some further details of the main research gaps in the area, such as the classification of identity attributes for online and mobile users of financial services. The document points out that these identity attributes should be defined and well understood by providers of these services and their customers, and in particular:
3.1 Classification of identity attributes for online and mobile users
3.2 Trust Indicators for financial services to determine risk level
3.3 Multiple-identity management platforms
The new dimension of cloud computing/architectural changes and de-perimeterization can lead to new needs for standardization and regulations (flexible virtual concentration):
4.1 Standard and cross border digital identities in the financial market
4.2 Data-linked security policies
4.3 De-perimeterization of organizations: models and cross border issues
5.1 Design and implementation of secure platforms and applications
5.2 Model Definition
For the full document, read Section 3.1 of the Gap analysis report by clicking here.
One of the main research items from the project has been the draft ontology of financial risks & dependencies within and without the Financial Sector (D2.1 – V2.0) [pdf].
The aim of the document is to contribute to a common understanding of the key concepts in risk management and financial infrastructures. It presents a simple model combining the ontologies from both the security and the financial sector.
There are ontologies in three work areas (business continuity, control engineering, trusted sharing of sensitive/confidential information). These ontologies lay the ground for further approaches, while one-page roadmaps illustrate the instant benefits of this approach.
[Image: A Simple Ontology of Digital Identity]
There is an extensive structured glossary in the document too. This glossary is based on a compilation of terms available from public institutions (like the European Central Bank) or known experts. It also includes terms that appear in the other deliverables of the Parsifal project and are especially relevant to our context.
The main contributors to this work were J.-Yves Gresser, B. Haemmerli, S. Morrow, H. Arendt and Keiran Sullivan (TSSG), with Keiran leading a paper in the area “Risk ontologies – Security or Trust? Terminological & Knowledge Organisation”, TKE 2010, Sept. 2010.
All in all, not a bad output from a humble CSA.